TalkTalk’s security breaches in the UK and the action it’s taken have been widely publicised. What’s less well-known is the aftermath of a breach like that, and how organised criminals can get involved.

That’s what appears to have happened in the TalkTalk case, as a handful of Indian “contact centre” workers have claimed they were hired specifically to persuade TalkTalk customers to hand their data over. They were part of a 60-strong team, they stated.

It was in effect an old scam: they would call claiming to work for TalkTalk, suggest there was a problem with the customer's computer, and persuade the customer to install malware that then enabled the criminals to get into the system and raid bank details and other confidential information. The claims have not been independently verified, but according to a BBC report it appears likely that they are genuine, and that they relate not to TalkTalk itself but to one of its subcontractors.

Whether this instance is real or not (and it appears to be), it’s certain that people get calls from callers claiming there is a problem with their computer and that the caller's company (they might claim to be Microsoft, for example) is the only one that can help.

Naked Security’s standard advice is to hang up when one of these calls comes in, however tempting it is to string along or taunt the caller.

We’d also urge companies to put better controls in place, at least in some cases: banks will never ask for complete passwords, for example, but one of our staff had to call his ISP last week and it wouldn’t act without the complete password rather than individual letters.

We talked to Action Fraud, attached to the City of London Police, which issued an infographic with practical points on it in response to the TalkTalk issue. It points out that legitimate companies will never cold-call to request remote access to your computer or to ask for financial details. It adds:

Even if the caller is able to provide you with details such as your full name, don’t give out any personal or financial information during a cold call.

If you’re in the UK and have been approached by a scammer, call Action Fraud on 0300 123 2040.

3 comments on “Are you customer of a firm that’s been breached? Look out for more attacks”

I received a call two weeks ago, but it was not TalkTalk, same MO, our server has detected a virus on your computer, please check your router etc.
Could someone explain how these scammers get your phone number, whether it's your landline or mobile? A third party must be selling them on, probably after an internet transaction, lots of unscrupulous people out there!!

Last year I had fraudsters ringing my mobile, texting and ringing landline within a few minutes of each other, pretending to be from my bank. I am sure that was a consequence of the TalkTalk breach.

Crazy thing is that I have never been a customer of TalkTalk. I was a customer of Virgin Media who transferred their copper telephone line accounts (Virgin National) to TalkTalk. I wasn’t even a customer of Virgin Media either, but I think my details were still transferred anyway.